This fall, Apple is upgrading all paid iCloud accounts to something he calls iCloud +. It includes several cool new features in addition to existing iCloud storage, sync, and cloud features, but the most exciting might be something Apple calls iCloud Private Relay. At first, it looks like a VPN: your web browsing traffic is encrypted and sent through a relay to hide your exact location, IP address, or the content of your browsing traffic.
It’s not a VPN, however. Not enough. There are some important differences, which we will describe here. But iCloud Private Relay can be enough for most people, offering the most obvious benefits of a VPN to millions of users who would never consider signing up. Here’s what this private relay feature is, how it works, and how it’s different from a traditional VPN.
What is iCloud Private Relay?
Once you’ve upgraded to iOS 15, you’ll find a new setting in the iCloud Settings menu: Private Relay. Assuming you are paying for any iCloud plan and therefore have the iCloud + service, you can simply turn on this switch to enable iCloud Private Relay. That’s it, nothing to install or configure. There is a IP address location setting that allows you to preserve your approximate location or use a larger location, but most users can ignore it.
When this is enabled, all of your browsing activity in Safari will be routed through two “hops” or Internet relays. Your data is encrypted and then sent to Apple, so your ISP cannot see any of your web browsing requests. Once on Apple’s proxy server, the DNS query (which points a domain name like “macworld.com” to a specific server IP address) and your iPhone or Mac’s IP address are separated. Your IP address is held by Apple, while your DNS query is forwarded, encrypted, to a “trusted partner” who has the decryption key, along with a fake intermediate IP address based on your approximate location. Apple did not name its partners, but some web sleuths found them to be large internet backbone companies such as Akami, Cloudfare, and Fastly.
This means that Apple knows your IP address but not the name of the sites you are visiting, and the trusted partner knows the site you are visiting but not your IP (and therefore not who you are). Neither party can piece together a complete picture of both who are you and where you go.
The website you visit usually gets your exact IP address and DNS query, making it easy for it to create a fairly detailed profile of exactly who you are, where you are and where you are going online. Combine that with a few cookies, even the seemingly harmless ones, and it’s pretty straightforward to have all of your online activity profiled, tracked, tracked, and sold to advertisers (and others).
What iCloud Private Relay does is make the websites you visit totally ignore this information, so it cannot create profiles of your activity.
The IP addresses Apple uses in place of your real one are still roughly approximate your general area; It is not enough to identify you personally, but it will allow sites that use your IP address to broadcast local news, weather, sports or other information to continue to function properly. There is an option to use an even larger IP address, but it may cause some of these sites to work incorrectly.
Note that Apple doesn’t allow you to choose an IP address or even a region, and will never make it seem like you’ve come from a totally different place. In other words, if you want to use it to access geographically locked content in Netflix or other online services, you’re out of luck.
How is iCloud Private Relay different from a VPN?
As cool as this Private Relay feature is, it is definitely not a VPN. It will do a great job of preventing your web activity from being profiled based on your basic login details. But it has a lot of flaws compared to a real VPN. Some of them include:
It only works with Safari, not with other apps or web browsers you use. Technically, other DNS information and a small subset of app-related web traffic will use it, but it’s best to think of it as a Safari-only thing.
It is easily identified as a “proxy server”, with which many large networks such as schools or businesses will not work. Most good VPNs disguise themselves to look like normal non-proxy traffic.
As mentioned, it can’t hide the region you are connecting from, only your specific IP location, so you can’t access locked content outside of your region or discover websites like connecting from another country.
If all you really want to do is stop websites from creating a profile of you and selling it to advertisers and data brokers, then use iCloud Private Relay on your iPhone, iPad, or Mac when it is. available in fall 2021 is a great option. It’s quick, easy, and if you’re already paying for an amount of iCloud storage, you’ll get it for free.
If you want real privacy and security for all you are online, or want to access content available in countries other than your own, you will still need a VPN. Fortunately, we have a few VPN recommendations for you.
I have written professionally about technology for my entire working adult life – over 20 years. I like to understand how complicated technology works and explain it in a way that everyone can understand.